General

  • Target

    1c95e036382e0768ac8b43445528cfbce4f655025bb3ccc74b5721d0ad79092c

  • Size

    4.2MB

  • Sample

    240509-2mr5eaag9t

  • MD5

    9969cc421eca0c845f2954a2b99f733a

  • SHA1

    5277742ab31bffd6214177fdc7abf0d3012e0ddc

  • SHA256

    1c95e036382e0768ac8b43445528cfbce4f655025bb3ccc74b5721d0ad79092c

  • SHA512

    3e6408d468044bcd7a664d2cd8e204f4528a2fa672ede4673aff65bbb0efeadeb090d11d40a0a6720832ccf6b6f58113b591df3d55a6c7ec98357de9d8182d40

  • SSDEEP

    98304:9Q9NLetdMUbMQcDuuZxpw6wZYxbShEgW29DIYI1VWjDTKhv/ZvBZzH:29NSjM9QcjOisE18U78jDGd/ZvXH

Malware Config

Targets

    • Glupteba

      Glupteba is a modular loader written in Golang with various components.

    • Glupteba payload

    • Windows security bypass

    • Modifies Windows Firewall

    • Executes dropped EXE

    • Loads dropped DLL

    • UPX packed file

      Detects executables packed with UPX/modified UPX open source packer.

    • Windows security modification

    • Adds Run key to start application

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

    • Manipulates WinMonFS driver.

      Rootkits write to WinMonFS to hide directories/files from being detected.

    • Modifies boot configuration data using bcdedit

    • Drops file in System32 directory

MITRE ATT&CK Enterprise v15

Tasks